Вы находитесь на странице: 1из 25

London Metropolitan University, Faculty of Computing

CC6004ES Network & Cloud Security

Coursework Assignment Part 1

Page 1 of 25
Acknowledgement

All members of the team would like to express special thanks and appreciation to our visiting
cloud safety lecturer .... For the rest of the ... team members to give us this great opportunity to
complete this group work within a short time frame.
To be sure, completing this coursework with the rest of the team members has helped us in
many ways, we have definitely done a lot of research to complete this. The success and end
result of this group coursework has gained a lot of support from the group members. For the
most part, all team members would respect and thank us for giving us the opportunity to
complete this course work and give us all the support and guidance

Page 2 of 25
Summary
There are several topics to be discussed in this coursework, in the first coursework the first
question begins with writing the code for the method of an Affine Cipher's Encryption and
Decryption. Two keys should be inputted to use these two methods in which we can obtain the
result using the decrypted form. The second question is about Sbox, where we have to encrypt
using a 3-bit input.

To continue, the most important thing is to start the second course study, because in the first
issue, it mentions everything about hashes using the Md5 process, thus helping us to
understand the use of hash and how to test the validity of a document with the use of Md5. Not
only that, but we should understand the fundamentals of hash.

Finally the last and final question concerns the design of a cloud-based web application. From
the sound of it, the idea of introducing a web-based banking program is very difficult to grasp.
In this system, all necessary features are available, like registering customer, deposit,
withdrawal, transfer and so on. But the main benefit of this program is to ensure protection
where the network can be protected against other threats

Page 3 of 25
Introduction

Network Cloud Security is regarded as data protection that should be prevented from various
attacks such as theft, leakage and deletion, but various methods that involve firewalls,
penetration testing may help to avoid internet connections. There are some major threats with
the use of shared technology such as data loss, account hijacking, and various other threats
that can compromise the use of cloud security.

This type of security is essential for many users who are concerned about the security of the
data they store in the cloud, but as a result they feel that it would be much easier to keep their
data on their own servers as they feel they have greater control over the data. But because they
have more control over the data, based on the data stored in the cloud. As a consequence,
however, the data stored in the cloud could be safer, because all cloud service providers have
their own security measures. The use of security in the cloud is said to be the main concern for
all storage providers. Not only do they have to please their users, but they must have the
confidence of their clients so that they can fulfill all the required criteria that could be useful
for storing sensitive data, using these procedures helps to ensure that user data is safe.
(Investopedia, 2019)

[Author has left this space blank intentionally]

Page 4 of 25
Requirements for Network Cloud Security
The sense of cloud protection is considered from what we understand as the discipline and
practice of safeguarding all cloud computing environments as well as essential data and
knowledge. This specific form of protection is designed to protect cloud-based environments
from unauthorized access and denial of services, as well as from hackers , malware and
various other hazards. To avoid this cloud protection, different techniques, policies, and best
practices are used to enforce it.

Detailed Description of Cloud Security

Cloud computing is designed as a resource in which organizations use their apps and other
resources to run. There are three kinds of cloud environment where they can present unique
security challenges. The following are:

• Third-party cloud service providers host public cloud services and are generally accessible
via web browsers, making identity management, authentication , and access control essential.
Amazon Internet Services (AWS), Microsoft Azure , and Google Cloud embody examples of
public clouds.

• Private clouds are typically only devoted to one entity and are open. They are also
responsible, however, for exposure to hacks, social engineering and other exploits.
Horsepower Enterprise, VMWare, IBM and others provide private cloud environment area
unit.

• Hybrid clouds combine different aspects of public and private clouds, enabling organizations
to exercise more control over their data and resources than they do in a public cloud
environment, while still being able to rely on the quantifiability and various benefits of the
public cloud once required (such as cloud bursting). (2019) (Beyond Trust)

Page 5 of 25
Cloud Security Service Models
These types of models generally fall into three main categories, first Iaas – Infrastructure as a
service, second- Paas – Platform as a service and third – Saas – Software as a service

 IaaS – this is defined as a cloud layer offering that enables a self-service model for
managing virtualized data center infrastructure. Customers pay for on demand access
to pre-configured computing resources, such as network, storage and operating
systems. This can involve automating the creation of virtual machines at scale, so it’s
critical to consider how virtual machines are provisioned, managed and spun down

Such types of models typically fall into three major groups, first Iaas – Service Network,
second Paas – Service System and third Saas – Service Technology

• IaaS – this is described as a cloud layer product that allows for a self-service model of
virtualized data center infrastructure management. Customers pay for access to pre-configured
computing services like network , storage, and operating systems on demand. It can include
automating the development of virtual machines on a scale, and it is therefore important to
understand how virtual machines are supplied, controlled and spun down

• PaaS – this layer provides tools and other infrastructure by providing organizations focused
primarily on web applications and services implementation. Such environment supports
mainly developers and other teams.

• SaaS – this is actually held by a third party who usually provides software services over the
web to allow the customer to access it. Therefore, if this method has the facility to manage
applications typically implemented on end-user devices, anyone has the right to check out
other web services where they also have the facility to download content. (2019) (Beyond
Trust)

Page 6 of 25
Cloud Security Strategy

In order to modify cloud resources for its best use cases, while managing risk effectively, a
corporation should have a comprehensive cloud security strategy which accounts for:
• Current and future needs for cloud computing within the organization
• Real danger to health
• Overall responsibility for the security of the cloud computing
• Security already provided by provider or vendor of the cloud environment (what is covered
in SLAs)
• The IT security practices already in place
• Fails between current protection in the cloud and desired end state
• Potential technology solutions to overcome any visibility or control holes, to improve
protection and compliance. (2019) (Beyond Trust)
Cloud Security Policies

Cloud computing security strategies are backed by policies which explain perfectly the
requirements required to keep the online cloud environment secure. By using these policies it
will likely provide any element of cloud protection that is important. Those points are as
follows:
• Reach – to define the cloud environments and resources covered
• Compliance – cloud security expectations when meeting federal, end-users, business and
other regulatory requirements
• Transparency-areas and entities responsible for maintaining a safe cloud computing
environment
• Deployment-a high-level view of how to maintain cloud security
• Identity and access management – those having access to specific information and how
identity is authenticated and authorized
• Confidentiality and sensitivity – an objective analysis of the confidentiality of specific
data sets, applications and other cloud elements
• Acceptable use – the standards that end users expect, developers and other authorized
users have to abide by its standards. (Beyond Trust, 2019)

Page 7 of 25
Best Practices for Implementing Strong Cloud Security

 The following recommendations for introducing environmental cloud security are:


 Network segmentation – accessing which kind of segmentation can be used with the
resources you have and those of other customers, the main way is to create a zone
approach wherever possible they can isolate instances and different applications.
 Discover cloud instances and properties on-board – cloud instances and resources are
discovered to get them under control. These two methods should be programmed
manually, in which IT cloud resources and their accounts can not rise and multiply
 Password control – shared passwords should never be allowed, thus combining
password that are connected to other authentication systems mainly sensitive areas.
The main aim is to ensure password management best practices.
 Vulnerability management – regular scanning of vulnerability and other risks. By
performing testing it ensures whether we are able to determine real world security
problems by carrying out security audits and mainly testifying to identify the real
vulnerabilities that could happen.
• Patching and maintenance – this ensures that cloud vendors with knowledge of recognizing
patch known vulnerabilities are active when it comes to using scanning and other patching
methods that help us avoid well-known vulnerabilities around our organization.
• Encryption-ensures that cloud data is encrypted, is resting or is in transit
• Disaster recovery – users should be aware of the data backup, retention and recovery policies
that could in turn be a cloud vendor process. They will ensure that they have met their
expectations accordingly.
• Monitoring-this ensures continuous sequencing

Page 8 of 25
Page 9 of 25
Coursework 1

London Metropolitan University, Faculty of Computing

CC6004ES Network & Cloud Security

Group Coursework Assignment

Course Work 1 - PART 1

Page 10 of 25
Design and implement a 64-bit key generating program using LFSR (Liner Feedback
Shift Register)

The Structure of a LFSR

LFSRs can never have the value of zero, since every shift of a zeroed LFSR will leave it as
zero. The LFSR must be initialized, i.e., seeded, to a nonzero value. When the LFSR holds 1
and is shifted once, its value will always be the value of the polynomial mask. When the
register is all zeros except the most significant bit, then the next several shifts will show the
high bit shift to the low bit with zero fill. For example, any 8-bit shift register with a primitive
polynomial will eventually generate the sequence 0x80, 0x40, 0x20, 0x10, 8, 4, 2, 1 and then
the polynomial mask.

Generating Pseudo-Random Numbers with LFSR


In general, a basic LFSR does not produce very good random numbers. A better sequence of
numbers can be improved by picking a larger LFSR and using the lower bits for the random
number. For example, if you have a 10-bit LFSR and want an 8-bit number, you can take the
bottom 8 bits of the register for your number. With this method you will see each 8-bit number
four times and zero, three times, before the LFSR finishes one period and repeats. This solves
the problem of getting zeros, but still the numbers do not exhibit very good statistical
properties. Instead you can use a subset of the LFSR for a random number to increase the
permutations of the numbers and improve the random properties of the LFSR output.

Shifting the LFSR more than once before getting a random number also improves its statistical
properties. Shifting the LFSR by a factor of its period will reduce the total period length by
that factor. Table has the factors of the periods.

The relatively short periods of the LFSRs can be solved by XORing the values of two or more
different sized LFSRs together. The new period of these XORed LFSRs will be the LCM
(least common multiple) of the periods. For example, the LCM of a primitive 4-bit and a
primitive 6-bit LFSR is the LCM(15, 63), which is 315.

Page 11 of 25
When joining LFSRs in this way, be sure to use only the minimum number of bits of the
LFSRs; it is a better practice to use less than that. With the 4- and 6-bit LFSRs, no more than
the bottom 4 bits should be used. In Figure , the bottom 16 bits are used from 32- and 31-bit
LFSRs. Note that XORing two LFSRs of the same size will not increase the period.

The unpredictability of the LFSRs can be increased by XORing a bit of "entropy" with the
feedback term. Some care should be taken when doing this there is a small chance that the
LFSR will go to all zeros with the addition of the entropy bit. The zeroing of the LFSR will
correct itself if entropy is added periodically. This method of XORing a bit with the feedback
term is how CRCs (cyclic redundancy checks) are calculated.

Polynomials are not created equal. Some polynomials will definitely be better than others.
Table 2 lists the number of primitive polynomials available for bit sizes up to 31 bits. Try
different polynomials until you find one that meets your needs. The masks given in Table
were randomly selected.

All the basic statistical tests used for testing random number generators can be found in
Donald Knuths, The Art of Computer Programming, Volume 2, Section 3.3. More extensive
testing can be done using NIST's Statistical Test Suite. NIST also has several publications
describing random number testing and references to other test software.

Figure 1. Simplified drawing of a LFSR.

Page 12 of 25
Design and generate a Public/ Private Key generation program. Take average size prime
numbers for calculations
package rsakeygeneration;
import java.math.BigInteger ;
import java.util.Random ;
import java.io.* ;
import java.io.*;
import java.util.*;
import java.sql.*;
/**
*
* @author
*/
public class RSAKeyGeneration
{
/**
* Bit length of each prime number.
*/
int primeSize ;

/**
* Two distinct large prime numbers p and q.
*/
BigInteger p, q ;

/**
* Modulus N.
*/
BigInteger N ;

/**
*r=(p–1)*(q–1)
*/
BigInteger r ;

/**
* Public exponent E and Private exponent D
*/
BigInteger E, D ;

String nt,dt,et;
/**
* Constructor.
*
* @param primeSize Bit length of each prime number.

Page 13 of 25
*/
public RSAKeyGeneration( int primeSize )
{

this.primeSize = primeSize ;

// Generate two distinct large prime numbers p and q.


generatePrimeNumbers() ;

// Generate Public and Private Keys.


generatePublicPrivateKeys() ;

/**
* Generate two distinct large prime numbers p and q.
*/
public void generatePrimeNumbers()
{
p = new BigInteger( primeSize, 10, new Random() ) ;

do
{
q = new BigInteger( primeSize, 10, new Random() ) ;
}
while( q.compareTo( p ) == 0 ) ;
}

/**
* Generate Public and Private Keys.
*/
public void generatePublicPrivateKeys()
{
// N = p * q
N = p.multiply( q ) ;

// r = ( p – 1 ) * ( q – 1 )
r = p.subtract( BigInteger.valueOf( 1 ) ) ;
r = r.multiply( q.subtract( BigInteger.valueOf( 1 ) ) ) ; //(p-1)(q-1)

// Choose E, coprime to and less than r


do
{
E = new BigInteger( 2 * primeSize, new Random() ) ;
}
while( ( E.compareTo( r ) != -1 ) || ( E.gcd( r ).compareTo( BigInteger.valueOf( 1 ) ) != 0 ) ) ;

Page 14 of 25
// Compute D, the inverse of E mod r
D = E.modInverse( r ) ;

/**
* Get prime number p.
*
* @return Prime number p.
*/
public BigInteger getp()
{
return( p ) ;
}

/**
* Get prime number q.
*
* @return Prime number q.
*/
public BigInteger getq()
{
return( q ) ;
}

/**
* Get r.
*
* @return r.
*/
public BigInteger getr()
{
return( r ) ;
}

/**
* Get modulus N.
*
* @return Modulus N.
*/
public BigInteger getN()
{
return( N ) ;
}

Page 15 of 25
/**
* Get Public exponent E.
*
* @return Public exponent E.
*/
public BigInteger getE()
{
return( E ) ;
}

/**
* Get Private exponent D.
*
* @return Private exponent D.
*/
public BigInteger getD()
{
return( D ) ;
}

/**
* KeyGeneration Main program for Unit Testing.
*/
public static void main( String[] args ) throws IOException
{
RSAKeyGeneration akg = new RSAKeyGeneration(8);
BigInteger publicKeyB = akg.getE();
BigInteger privateKeyB = akg.getD();
BigInteger randomNumberB = akg.getN();
String publicKey = publicKeyB.toString();
String privateKey = privateKeyB.toString();
String randomNumber = randomNumberB.toString();
System.out.println("Public Key (E,N): "+publicKey+","+randomNumber);
System.out.println("Private Key (D,N): "+privateKey+","+randomNumber);

Output

For 1st Time

Page 16 of 25
For 2nd Time

The code for an Encryption and Decryption modules for and Affine Cipher.

Introduction

Page 17 of 25
Affine cypher is a monoalphabetic substitution cypher where a letter in the alphabet or a
sentence is mathematically assigned to a number which the intended party will convert back
to. This is more or less similar to a substitution cypher because it inherits its weakness which
is the ability to identify cyphered characters with their repetition frequency. Below is the
developed system screenshot to illustrate the affine cypher, where 2 keys are allowed input
and can be encrypted and decrypted with the same key inputs. When the text is encrypted, it is
cyphered and converted back to readable text by means of an affine cipher method when
decrypted. (James Lyons, 2019)
General Encryption function for one letter is as below
E(x) = (ax+b) mod m

Language used in the Encryption Decryption of Affine Cipher

The programming language used to implement Affine encryption and decryption is Java, and
this system was created using NetBeans IDE. This programming language allows applications
for different platforms, considering java. It is therefore designed to provide several inherent
security features at all levels and from ground up. It does not allow pointers to be dereferenced
in the process but removing these pointers helps to prevent malicious programs such as
computer viruses and so on. Using encryption and decryption in transmission of executable
code ensures that the data is not accessible or tampered with during its transit. This approach
limits portability of the application but works well in scenarios where applications are made
available via server-side invocations. (Tech target, 2019)

Screenshot of Affine Cipher System

Page 18 of 25
Figure 1 Affine Cipher

Code for Affine Cipher System

Encryption code
private void jButton3ActionPerformed(java.awt.event.ActionEvent evt) {
String message = txtValue.getText();
int shift = Integer.parseInt(txtkey1.getText());
char array[] = message.toCharArray(); //takes the message string and converts it into an
array of chars
try {

for (int i = 0; i < txtValue.getText().length(); i++) {


array[i] = (char) (array[i] + shift); // the for loop will check the length of the
message, in numbers, so (char) is converting each number[i] to the char format, after adding
3
}
message = String.valueOf(array);
txtEncrypted.setText(message);

} catch (Exception e) {

Page 19 of 25
e.printStackTrace();
}

Decryption code

private void txtDecryptedActionPerformed(java.awt.event.ActionEvent evt) {


String message = txtEncrypted.getText();
int shift = Integer.parseInt(txtkey1.getText());
char array[] = message.toCharArray();
try {
for (int i = 0; i < txtEncrypted.getText().length(); i++) {
array[i] = (char) (array[i] - shift);
}
message = String.valueOf(array);
txtDecrypted1.setText(message);

Table 1Encryption code java


} catch (Exception e) {
e.printStackTrace();
}

Table 2 Decryption code

Clear code

private void btnClearActionPerformed(java.awt.event.ActionEvent evt) {


txtValue.setText("");
txtEncrypted.setText("");
txtDecrypted.setText("");
txtkey1.setText("");
txtkey2.setText("");
}

Design and implement a key exchange protocol. Include digital signatures in the protocol for
authentication.

Page 20 of 25
Key-exchange protocols (ke, for short) are mechanisms by which two parties that
communicate over an adversarially-controlled network can generate a common secret key.
ke protocols are essential for enabling the use of shared-key cryptography to protect
transmitted data over insecure networks. As such they are a central piece for building secure
communications (a.k.a “secure channels”), and are among the most commonly used
cryptographic protocols (contemporary examples include SSL, IPSec, SSH, among others).

In order to to define what is meant by the security of a key-exchange (ke) protocol we first
need to establish a formalism for the most basic notions: what is meant by a protocol in
general and a key-exchange protocol in particular, what are sessions, and what is an
‘attacker’ against such protocols. Here we use a formalism based on the approach of [2],
where a general framework for studying the security of session-based multi-party protocols
over insecure channels is introduced. We extend and refine this formalism to better fit the
needs of practical ke protocols

Key-exchange protocols. Key-exchange (ke) protocols are message-driven protocols (as


defined above) where the communication takes place between pairs of parties and which
return, upon completion, a secret key called a session key. More specifically, the input to a
ke protocol within each party Pi is of the form (Pi, Pj , s, role), where Pj is the identity of
another party, s is a session id, and role can be either initiator or responder. A session within
Pi and a session within Pj are called matching if their inputs are of the form (Pi, Pj , s,
initiator) and (Pj , Pi, s,responder). The inputs are chosen by a “higher layer” protocol that
“calls” the ke protocol. We require the calling protocol to make sure that the session id’s of
no two ke sessions in which the party participates are identical.

Furthermore, we leave it to the calling protocol to make sure that two parties that wish to
exchange a key will activate matching sessions. Note that this may require some
communication before the actual ke sessions are activated.1 Upon activation, the partners Pi
and Pj of two matching sessions exchange messages (the initiator goes first), and eventually
generate local outputs that include the name of the partners of the session, the session
identifier, and the value of the computed session key. A key establishment event is recorded

Page 21 of 25
only when the exchange is completed (this signals, in particular, that the exchanged key can
be used by the protocol that called the ke session). We note that a session can be completed
at one partner but not necessarily at the other. After describing these ‘mechanics” of a ke
protocol we need to define what is meant by a “secure” ke protocol. This is the subject of
Section 3 and it is based on the adversarial model that we introduce next

S-box is considered, in cryptography, to be a basic component of using symmetric key


algorithms that perform substitution. They are typically used in block ciphers to obscure the
relation between the key and the cipher text, it is said to be one of the widely used ciphers. It
is said that the S-box rather known as substitution is a nonlinear transformation that
performs in the uncertainty of bits. Because of the encryption algorithm the S-box is the
most important part. Encryption algorithm means that the key must be the same length as
the message which must be encoded. In DES all S-boxes are different in a round because all
rounds use the same set of S-boxes.

The linear cryptanalysis approach is to determine expressions in which either you have a
high or low probability of occurrence. Analysis of the S-box properties is necessary to avoid
cryptanalysis attacks. The powerful and safe S-box is required with the use of a key to
protect the number of rounds. As a result, the key in S-box mechanisms should be difficult
to discover in which they can demonstrate greater protection. An S-box needs to satisfy
balancing uses, high nonlinearity, low differential uniformity, high algebraic degree, low
linear approximation, high algebraic complexity and low/no fixed and opposite fixed points
which help to protect against cryptanalysis

Language used in the Encryption of S-box

It provides structure and implementation for key generation and encryption and decryption
of data using different algorithms. In implementing this type of algorithm Java is also used.
By using java programming language to implement S-box it introduces the level of security
by decoding the plaintext message without any knowledge of the frequency of its symbols.
Java It is one of the most robust, mostly used, and perfect programming languages to create

Page 22 of 25
applications like this. (Semantic Scientist, 2019)

Screenshots of S-box

Table 3 Sbox design

Code for Sbox system

Page 23 of 25
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package sboxapp;

/**
*
* @author Pirashath
*/
public class SBox extends javax.swing.JFrame {
/** Creates a new instance of SBox */
public SBox() {
}
public void DoDecimal(int [] num){
dec1[0]=num[0];
dec1[1]=num[5];
row=1*dec1[1]+2*dec1[0];
//System.out.print("-------"+row);
}
public void DoFourDecimal(int [] num){
dec2[0]=num[1];
dec2[1]=num[2];
dec2[2]=num[3];
dec2[3]=num[4];
col=1*dec2[3]+2*dec2[2]+dec2[1]*4+dec2[0]*8;
//System.out.print("***********"+col);
}
public void SelectSBox(int choice, int row, int col){
switch(choice){
case 0: SBox_Result[index1]=SBOX1[row][col]; index1++; break;
case 1: SBox_Result[index1]=SBOX2[row][col]; index1++; break;
case 2: SBox_Result[index1]=SBOX3[row][col]; index1++; break;
case 3: SBox_Result[index1]=SBOX4[row][col]; index1++; break;
case 4: SBox_Result[index1]=SBOX5[row][col]; index1++; break;
case 5: SBox_Result[index1]=SBOX6[row][col]; index1++; break;
case 6: SBox_Result[index1]=SBOX7[row][col]; index1++; break;
case 7: SBox_Result[index1]=SBOX8[row][col]; index1++; break;
}
}
public void make32bit(int num){
int num1 = 0,num2,num3;
num1=num;
System.out.println("Code ");
for(int i=0; i<4; i++){
num2=num1%2;
num3=num1/2;
num1=num3;
after_SBox[index2]=num2;
System.out.print(after_SBox[index2]);
index2++;
} Page 24 of 25
}
public void Reverse(int [] num){
int count=0;
int fix=3;
while(count!=32){
for(int i=0; i<2; i++){

Page 25 of 25